FEB 16 2006 21:04 FR 00 15093238979 TO 15712738300 P. 04/25 






LIST OF CLAIMS / AMENDMENTS 

In the Claims

Please cancel claims 3, 12, 19-20, 25-31, and 36 without prejudice.
Claims 25-31 are canceled as non-elected claims in response to a telephone call
from the Examiner on August 25, 2005 for a restriction requirement election
(Office Action p. 2).

Please amend claims 1, 4-8, 11, 16, 23, 32, and 37-41 as shown herein.

Claims 1-2, 4-11, 13-18, 21-24, 32-35, and 37-74 are pending and are listed 
following: 

1. (currently amended) An enterprise network architecture, comprising:

a first network system including one or more first network system domains;

a second network system including one or more second network system
domains, the second network system being autonomous from the first network
system such that the first network system domains are administratively
independent from the second network system domains; and

a trust link between a first network system root domain and a second
network system root domain, the trust link configured to provide transitive
resource access between the one or more first network system domains and the
one or more second network system domains where the transitive resource access
includes remote authentication such that an account managed by the second
network system can initiate a request for authentication via a first network system
domain.

2. (original) An enterprise network architecture as recited in
claim 1, wherein:

the first network system root domain is configured for communication with
the one or more first network system domains;

the second network system root domain is configured for communication
with the one or more second network system domains; and

the trust link is further configured to provide transitive security associations
between the one or more first network system domains and the one or more second
network system domains.

3. (canceled)

4. (currently amended) An enterprise network architecture as
recited in claim 1, wherein the transitive resource access includes the remote
authentication to access a resource managed in the second network system, such
that [[an]] the account managed by the second network system can initiate [[a]] the
request for authentication to access the resource via [[a]] the first network system
domain.

5. (currently amended) An enterprise network architecture as
recited in claim 1, wherein:

[[a]] the first network system domain includes a first domain controller;
a second network system domain includes a second domain controller; and
[[an]] the account managed by the second domain controller can initiate [[a]]
the request for remote network authentication via the first domain controller.

6. (currently amended) An enterprise network architecture as
recited in claim 1, wherein:

[[a]] the first network system domain includes a first domain controller;
a second network system domain includes a second domain controller; and
[[an]] the account managed by the second domain controller can initiate [[a]]
the request for authentication to access a resource managed in the second network
system, the request for authentication communicated from the first domain
controller to the second network system via the trust link.

7. (currently amended) An enterprise network architecture as
recited in claim 1, wherein:

the first network system root domain is configured for communication with
the one or more first network system domains, an individual first network system
domain including a first domain controller;

the second network system root domain is configured for communication
with the second network system domains, an individual second network system
domain including a second domain controller; and

the account managed by the second domain controller can initiate [[a]]
the request for authentication to access a resource managed by the second domain
controller, the request for authentication communicated from the first domain
controller to the second domain controller via the first network system root
domain, the trust link, and the second network system root domain.

8. (currently amended) An enterprise network architecture as
recited in claim 1, wherein the trust link is a one-way trust link initiated by an
administrator of the first network system, and wherein [[an]] the account in the
second network system can access resources in the first network system.

9. (original) An enterprise network architecture as recited in
claim 1, wherein the trust link is a one-way trust link initiated by an administrator
of the first network system, the one-way trust link configured to provide transitive
resource access from the second network system domains to the first network
system domains.



MSI-SSOUSMOt 



PAGE 7/25 * RCVD AT 2/16/2006 11:58:30 PM [Eastern Standard Time]






10. (original) An enterprise network architecture as recited in
claim 1, wherein the trust link is a two-way trust link initiated by a first network
system administrator and by a second network system administrator, and wherein
the transitive resource access is automatically configured when the trust link is
established.

11. (currently amended) An enterprise network architecture as
recited in claim 1, wherein the first network system is configured to determine
from the trust link where to communicate a request for a resource, the request
received from [[an]] the account managed in the first network system and the resource
maintained by the second network system.

12. (canceled) 

13. (original) An enterprise network architecture as recited in
claim 1, wherein the first network system is configured to receive a request to
logon to the second network system and determine from the trust link where to
communicate the request, and wherein the second network system is configured to
authenticate the request.

14. (original) An enterprise network architecture as recited in
claim 1, wherein the trust link is a data structure configured to maintain
namespaces corresponding to trusted network system domain components.

15. (original) An enterprise network architecture as recited in
claim 1, wherein the trust link includes a first network system data structure and a
second network system data structure, the first network system data structure
configured to maintain trusted namespaces corresponding to the second network
system, and the second network system data structure configured to maintain
trusted namespaces corresponding to the first network system.

16. (currently amended) An enterprise network architecture as
recited in claim 1, wherein the trust link is a data structure configured to maintain
namespaces corresponding to the second network system, and wherein the first
network system is configured to:

maintain the data structure; and

automatically designate which of the namespaces are trusted by the first
network system.

17. (original) An enterprise network architecture as recited in
claim 1, wherein the trust link is a data structure maintained by the first network
system, the data structure configured to maintain namespaces corresponding to
trusted second network system domain components, and the trusted second
network system domain components being designated as trusted by a first network
system administrator.

18. (original) An enterprise network architecture as recited in
claim 1, wherein the trust link is a data structure maintained by the first network
system, the data structure configured to maintain trusted namespaces
corresponding to the second network system, and wherein the first network system
is configured to receive a request to logon to the second network system and
determine from the trusted namespaces where to communicate the request.

19-20. (canceled) 

21. (original) An enterprise network architecture as recited in
claim 1, wherein the first network system is configured to:

receive an account request to logon to the second network system;

determine from the trust link where to communicate the account request;
and

provide a security identifier to the second network system, the security
identifier corresponding to the account.

22. (original) An enterprise network architecture as recited in
claim 1, wherein:

the first network system is configured to determine from the trust link
where to communicate a service account request to access a resource maintained
by the second network system;

the first network system is further configured to provide a security
identifier to the second network system, the security identifier corresponding to a
user account maintained by the first network system; and

the second network system is configured to determine from the trust link
whether to trust the security identifier to authorize the service account request.

23. (currently amended) An enterprise network architecture as
recited in claim 1, wherein the trust link is a data structure maintained by the first
network system, the data structure configured to maintain trusted namespaces
corresponding to the second network system, and wherein the first network system
is configured to:

determine from the trusted namespaces where to communicate a logon
request received from [[an]] the account managed in the second network system; and

provide a security identifier to the second network system, the security
identifier corresponding to the account.

24. (original) An enterprise network architecture as recited in
claim 1, wherein the trust link is a data structure maintained by the first network
system, the data structure configured to maintain trusted namespaces
corresponding to the second network system, and wherein:

the first network system is configured to determine from the trusted
namespaces where to communicate a service account request to access a resource
maintained by the second network system;

the first network system is further configured to provide a security
identifier to the second network system, the security identifier corresponding to a
user account maintained by the first network system; and

the second network system is configured to determine from the trusted
namespaces whether to trust the security identifier to authorize the service account
request.

25-31. (canceled)

32. (currently amended) A network system domain, comprising:

a root domain controller communicatively linked with one or more network
system domains in a first network system; and

a trusted domain component configured to define a trust link between the
root domain controller and a second network system root domain controller, the
second network system root domain controller communicatively linked with one
or more second network system domains that are administratively independent
from the first network system domains, and the trust link being configured to
provide transitive resource access between the first network system domains and
the second network system domains, the trusted domain component being further
configured to provide remote network authentication such that an account
managed by a second network system domain can initiate a request for
authentication via a first network system domain.

33. (original) A network system domain as recited in claim 32,
wherein the root domain controller is configured to create the trusted domain
component when the trust link is initiated.

34. (original) A network system domain as recited in claim 32,
wherein the root domain controller is configured to establish the transitive
resource access between the first network system domains and the second network
system domains when the trust link is initiated.

35. (original) A network system domain as recited in claim 32,
wherein the trusted domain component defines a one-way trust link from the root
domain controller to the second network system root domain controller.

36. (canceled)

37. (currently amended) A network system domain as recited in
claim 32, wherein the trusted domain component is further configured to provide
the remote network authentication to access a resource managed by [[a]] the
second network system domain, such that [[an]] the account managed by [[a]] the first
network system domain can initiate a request to access the resource via the
network system domain, the request communicated from the root domain
controller to the second network system root domain controller via the trust link.

38. (currently amended) A network system domain as recited in
claim 32, wherein the root domain controller is configured to determine from the
trusted domain component where to communicate [[a]] the request for
authentication received from [[an]] the account managed by [[a]] the second network
system domain.

39. (currently amended) A network system domain as recited in
claim 32, wherein the trusted domain component is configured to indicate where
to communicate [[a]] the request for authentication received from [[an]] the account
managed by [[a]] the second network system domain.

40. (currently amended) A network system domain as recited in
claim 32, wherein the root domain controller is configured to determine from the
trusted domain component where to communicate a request for a resource, the
request received from [[an]] the account managed by [[a]] the second network system
domain and the resource maintained by the second network system domain.

41. (currently amended) A network system domain as recited in
claim 32, wherein the root domain controller is configured to receive a request to
logon to [[a]] the second network system domain, and determine from the trusted
domain component to communicate the request to the second network system root
domain controller via the trust link.

42. (original) A network system domain as recited in claim 32, 
wherein the trusted domain component is a data structure configured to maintain 
trusted namespaces corresponding to the second network system. 

43. (original) A network system domain as recited in claim 32,
wherein the trusted domain component is a data structure configured to maintain
namespaces corresponding to trusted second network system domain components.

44. (original) A network system domain as recited in claim 32,
wherein the trusted domain component is a data structure configured to maintain
namespaces corresponding to the second network system, and wherein the root
domain controller is configured to maintain the data structure and automatically
designate which of the namespaces are trusted by the first network system.

45. (original) A network system domain as recited in claim 32,
wherein the trusted domain component is a data structure maintained by the root
domain controller, the data structure configured to maintain namespaces
corresponding to the second network system, and the namespaces being
designated as trusted by a network system administrator.

46. (original) A network system domain as recited in claim 32,
wherein the trusted domain component is a data structure maintained by the root
domain controller, the data structure configured to maintain trusted namespaces
corresponding to the one or more second network system domains, and wherein
the root domain controller is configured to receive a request to logon to the second
network system and determine from the trusted namespaces where to
communicate the request.






47. (original) A network system domain as recited in claim 32,
wherein the trusted domain component is a data structure configured to maintain
trusted namespaces corresponding to the second network system, and wherein the
root domain controller is configured to determine from the trusted namespaces
where to communicate a request for a resource, the request received from an
account managed by the root domain controller and the resource maintained by a
second network system domain.

48. (original) A network system domain as recited in claim 32,
wherein:

the trusted domain component is a data structure configured to maintain
trusted namespaces corresponding to the second network system;

the root domain controller is configured to determine from the trusted
namespaces where to communicate a request for a resource, the request received
from an account managed by the root domain controller and the resource
maintained by a second network system domain; and

the second network system is configured to authorize the request for the
resource.

49. (original) A network system domain as recited in claim 32,
wherein the root domain controller is configured to:

receive an account request to logon to a second network system domain;

determine from the trusted domain component where to communicate the
account request; and

provide a security identifier to the second network system domain
controller, the security identifier corresponding to the account.

50. (original) A network system domain as recited in claim 32,
wherein the trusted domain component is a data structure maintained by the
domain controller, the data structure including trusted namespaces corresponding
to the second network system, and wherein the root domain controller is
configured to:

determine from the trusted namespaces where to communicate a logon
request received from an account managed by a second network system; and

provide a security identifier to the second network system domain
controller, the security identifier corresponding to the account.

51. (original) A first network system domain controller performing a
method comprising:

establishing a trust link with a second network system domain controller to
provide transitive resource access between domains in a first network system and
domains in a separate, autonomous second network system;

receiving an authentication request from an account managed by a domain
in the second network system; and

determining to authenticate the request via the trust link.

52. (original) A method as recited in claim 51, wherein establishing
the trust link comprises:

receiving network system identifiers corresponding to the second network
system;

creating a data structure to maintain the network system identifiers; and
designating which of the network system identifiers to trust.

53. (original) A method as recited in claim 51, wherein establishing
the trust link comprises:

receiving namespaces corresponding to the second network system;
creating a data structure to maintain the namespaces; and
designating which of the namespaces to trust.

54. (original) A method as recited in claim 51, wherein establishing
the trust link comprises:

receiving network system identifiers corresponding to the second network
system;

creating a data structure to maintain the network system identifiers;
determining whether to trust an individual network system identifier; and
designating in the data structure whether to trust the individual network
system identifier.

55. (original) A method as recited in claim 51, wherein establishing 
the trust link comprises: 

receiving namespaces corresponding to the second network system; 
creating a data structure to maintain the namespaces; 
determining whether to trust an individual namespace; and 
designating in the data structure whether to trust the individual namespace. 

56. (original) A method as recited in claim 51, wherein establishing
the trust link comprises:

receiving network system identifiers corresponding to the second network
system;

comparing a received network system identifier with existing network
system identifiers to determine whether to accept the received network system
identifier; and

creating a data structure to maintain accepted network system identifiers.

57. (original) A method as recited in claim 51, wherein establishing
the trust link comprises:

receiving namespaces corresponding to the second network system;

comparing a received namespace with existing namespaces to determine
whether to accept the received namespace; and

creating a data structure to maintain accepted namespaces.

58. (original) A method as recited in claim 51, wherein establishing
the trust link comprises receiving network system identifiers corresponding to the
second network system and designating which of the network system identifiers to
trust, and wherein determining comprises comparing a component of the request
with the network system identifiers to determine that the account is managed in
the second network system.

59. (original) A method as recited in claim 51, further comprising
providing a security identifier corresponding to the account to the first network
system domain controller, the first network system domain controller comparing
the security identifier with stored network system identifiers to determine whether
the security identifier is valid.

60. (original) A first network system domain controller performing a
method comprising:

establishing a trust link with a second network system domain controller to
provide transitive resource access between domains in a first network system and
domains in a separate, autonomous second network system;

receiving a resource request from an account managed by the first network
system domain controller;

determining to communicate the resource request to the second network
system; and

communicating the resource request to the second network system domain
controller via the trust link.

61. (original) A method as recited in claim 60, wherein establishing
the trust link comprises:

receiving network system identifiers corresponding to the second network
system;

creating a data structure to maintain the network system identifiers; and
designating which of the network system identifiers to trust.

62. (original) A method as recited in claim 60, wherein establishing
the trust link comprises:

receiving namespaces corresponding to the second network system;
creating a data structure to maintain the namespaces; and
designating which of the namespaces to trust.

63. (original) A method as recited in claim 60, wherein establishing
the trust link comprises receiving network system identifiers corresponding to the
second network system and designating which of the network system identifiers to
trust, and wherein determining comprises comparing a component of the request
with the network system identifiers to determine that the resource is managed in
the second network system.

64. (original) A method as recited in claim 60, further comprising
providing a security identifier corresponding to the account to the first network
system domain controller, the first network system domain controller comparing
the security identifier with stored network system identifiers to determine whether
the security identifier is valid.

65. (original) One or more computer-readable media comprising
computer-executable instructions that, when executed, direct a first network
system domain controller to perform a method comprising:

establishing a trust link with a second network system domain controller to
provide transitive resource access between domains in a first network system and
domains in a separate, autonomous second network system;

receiving a resource request from an account managed by a domain
controller in the second network system;

determining to communicate the resource request to the second network
system; and

communicating the resource request to the second network system domain
controller via the trust link.

66. (original) One or more computer-readable media as recited in
claim 65, wherein establishing the trust link comprises:

receiving network system identifiers corresponding to the second network
system;

creating a data structure to maintain the network system identifiers; and
designating which of the network system identifiers to trust.

67. (original) One or more computer-readable media comprising
computer-executable instructions that, when executed, direct a domain controller
in a first network system to perform a method comprising:

requesting network system identifiers corresponding to a second network
system to create a trust link between the first network system and the second
network system, the second network system being autonomous from the first
network system;

determining whether to accept the network system identifiers;

designating accepted network system identifiers as trusted with trust
indicators; and

creating a data structure to maintain the accepted network system identifiers
and corresponding trust indicators.

68. (original) One or more computer-readable media as recited in
claim 67, wherein determining comprises comparing an individual network system
identifier with existing network system identifiers and rejecting the individual
network system identifier if it is a duplicate of an existing network system
identifier.
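
The claims above recite the trust link as a data structure of namespaces with trust indicators (claims 14-18, 52-58, 67-68) and a comparison of a security identifier with stored identifiers (claim 59). The Python model below is an added illustration, not part of the filing and not any product's implementation. All class and function names, the `.example` domains, the SID values, and the rule that overlapping (not only duplicate) namespaces are recorded as untrusted are assumptions.

```python
"""Trust link modelled as a table of namespaces with trust indicators."""
from dataclasses import dataclass, field


def covers(suffix: str, name: str) -> bool:
    """True if DNS-style `name` equals `suffix` or is a child of it."""
    return name == suffix or name.endswith("." + suffix)


@dataclass
class TrustLink:
    partner_root: str
    namespaces: dict = field(default_factory=dict)  # namespace -> trusted?
    domain_sids: set = field(default_factory=set)   # accepted identifiers


class TrustStore:
    """State kept by the first network system's root domain controller."""

    def __init__(self, local_namespaces, local_domain_sids):
        self.local_namespaces = {n.lower() for n in local_namespaces}
        self.local_domain_sids = set(local_domain_sids)
        self.links = {}

    def establish(self, partner_root, offered_namespaces, offered_sids):
        """Record a partner's namespaces; trust only non-colliding ones."""
        taken = set(self.local_namespaces)
        known_sids = set(self.local_domain_sids)
        for link in self.links.values():
            taken |= {n for n, ok in link.namespaces.items() if ok}
            known_sids |= link.domain_sids
        link = TrustLink(partner_root.lower())
        for ns in (n.lower() for n in offered_namespaces):
            clash = any(covers(t, ns) or covers(ns, t) for t in taken)
            link.namespaces[ns] = not clash  # the trust indicator
        # A duplicate of an existing identifier is rejected outright.
        link.domain_sids = {s for s in offered_sids if s not in known_sids}
        self.links[link.partner_root] = link
        return link

    def route(self, account_name):
        """Return 'local', a partner root, or None for a user@realm name."""
        user, sep, realm = account_name.lower().rpartition("@")
        if not (user and sep and realm):
            return None
        if any(covers(n, realm) for n in self.local_namespaces):
            return "local"
        best = ("", None)  # (namespace, partner_root); longest suffix wins
        for link in self.links.values():
            for ns, trusted in link.namespaces.items():
                if trusted and covers(ns, realm) and len(ns) > len(best[0]):
                    best = (ns, link.partner_root)
        return best[1]

    def sid_accepted(self, partner_root, sid):
        """Accept a SID only if its domain part was stored for this partner."""
        link = self.links.get(partner_root.lower())
        domain_sid, sep, rid = sid.rpartition("-")
        return bool(link and sep and rid.isdigit()
                    and domain_sid in link.domain_sids)


# Constructed sample values (not from the filing).
SID_FIRST = "S-1-5-21-1000-2000-3000"
SID_SECOND = "S-1-5-21-1111-2222-3333"


def build_demo_store():
    store = TrustStore(["first.example"], [SID_FIRST])
    # The partner also offers a namespace and a SID owned by the local system.
    store.establish("second.example", ["second.example", "hr.first.example"],
                    [SID_SECOND, SID_FIRST])
    store.establish("third.example",
                    ["third.example", "emea.second.example"], [])
    return store


if __name__ == "__main__":
    demo = build_demo_store()
    print(demo.route("alice@emea.second.example"), demo.links)
```

In this model a partner that offers a namespace or domain SID already owned by the local system or by an earlier partner gets that entry recorded without trust, so logon requests and security identifiers that rely on it are never routed or accepted through that link.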